PT-2026-51076 · Nuget · Corewcf.Primitives

Published

2026-06-19

·

Updated

2026-06-19

·

CVE-2026-54779

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact

When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Provide your own implementation of ITokenReplayCache with the correct behavior.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-294CWE-613

Related Identifiers

CVE-2026-54779
GHSA-9JR3-RJ99-8JQ3

Affected Products

Corewcf.Primitives